Mobility is the weakest security link

[Free CISSP Exam Study Guide] Get expert advice that will help you pass the CISSP exam: sample questions, summaries of all 8 CISSP domains and more!

Surveying more than 750 security decision makers and practitioners, a CyberEdge Group report found that more than 60 percent had been breached in 2013 with a quarter of all participants citing a lack of employer investment in adequate defenses.

Key findings include:

Concern for mobile devices. Participants were asked to rate — on a scale of 1 to 5, with 5 being highest — their organization’s ability to defend cyber threats across nine IT domains. Mobile devices (2.77) received the lowest marks, followed by laptops (2.92) and social media applications (2.93). Virtual servers (3.64) and physical servers (3.63) were deemed most secure.

The BYOD invasion. By 2016, 77 percent of responding organizations indicate they’ll have BYOD policies in place. 31 percent have already implemented BYOD policies, 26 percent will follow within 12 months, and another 20 percent will follow within two years.

Inadequate security investments. Although 89 percent of respondents’ IT security budgets are rising (48 percent) or holding steady (41 percent), one in four doubts whether their employer has invested adequately in cyber threat defenses.

Improved security or wishful thinking? Although 60 percent of respondents confessed to being affected by a successful cyber attack in 2013, only 40 percent expect to fall victim again in 2014.

Malware and phishing causing headaches. Of eight designated categories of cyber threats, malware and phishing/spear-phishing are top of mind and pose the greatest threat to responding organizations. Denial-of-service (DoS) attacks are of least concern.

Ignorance is bliss. Less than half (48 percent) of responding organizations conduct full-network active vulnerability scans more frequently than once per quarter, while 21 percent only conduct them annually.

Careless employees are to blame. When asked which factors inhibit IT security organizations from adequately defending cyber threats, “low security awareness among employees” was most commonly cited, just ahead of “lack of budget.”